Sophos charts virus activity for first six months of 2004
A report published by Sophos, a world leader in protecting
businesses against viruses and spam, reveals that the number of new
viruses being written is increasing. In total, Sophos has detected
and protected against 4,677 new viruses in the first six months of
2004, up 21% on the same period last year.
The Sasser worm accounted for more than a quarter of all viruses
reported to Sophos so far this year, even though the worm only
first appeared in May.
Sasser claimed the top spot of the virus chart, in spite of the
raging battle between the widespread Netsky and Bagle worms, which
has wreaked havoc across the internet from mid-February. This war
produced six of the most damaging viruses of the year so far, with
Netsky-P proving to be the most prevalent. The good news for
computer users was the May arrest of Sven Jaschan, the German
teenager who confessed to authoring both the Sasser and Netsky
worms.
For the first six months of 2004, the top ten viruses (as
recorded by Sophos's global network of virus monitoring stations)
are as follows, with the most frequently occurring virus at number
one:
"Following in the footsteps of last year's hard-hitting Blaster
worm, Sasser exploited a critical vulnerability in Microsoft's
operating system in order to spread - this type of worm is proving
to be extremely 'successful' as Microsoft is finding it tough to
ensure computer users apply patches as soon as the flaws are
discovered," said Graham Cluley, senior technology consultant at
Sophos. "Sasser may have taken top spot, but six of the biggest
viruses of the last six months were all Netsky and Bagle variants -
these caused a continued nuisance for PC users the world over as
their authors entered into a very public game of virus writing
one-upmanship."
"Reassuringly, virus writers haven't had it all their own way so
far in 2004. Increased scrutiny from law enforcement agencies and
Microsoft's bounty initiative to encourage people to snitch on
virus writers led to a very high-profile
arrest in Germany. Sven Jaschan, teenage author of the Sasser
worm and member of Skynet, the gang responsible for distributing
Netsky, confessed in May. The German virus-writing community has
been relatively quiet ever since," continued Cluley.
MyDoom, the fifth most damaging virus so far this year,
highlights the increasing trend for virus writers to attempt to
create zombie armies of possessed PCs. This worm, which first
appeared in January, opened a backdoor into infected PCs, allowing
hackers to launch distributed denial of service
attacks on the websites belonging to Microsoft and SCO.
The sixth most prevalent virus so far this year, the Zafi-B
worm, is a prime example of how virus writers can use their
malicious code to distribute political messages. This worm called
for the Hungarian government to house the homeless and introduce
the death penalty against criminals. It continues to be
extremely successful in infecting computer users, spreading itself
by email and peer-to-peer filesharing systems.
First mobile phone virus discovered
The Cabir worm,
first seen in June, was a proof-of-concept mobile phone virus. The
worm, which was written by the virus-writing gang 29A, proved that it
was possible for a virus to spread via Bluetooth to other
compatible mobile phones in the vicinity. The worm posed no threat
to mobile phone users as the virus was not released in the
wild.
More arrests
The first female to be charged with distributing a virus was
arrested in
February. Kim Vanvaeck, aka 'Gigabyte', suspected author of several
viruses including Coconut-A, Sahay-A and Sharp-A, was arrested by
Belgian authorities and charged with computer sabotage. If
convicted she faces up to three years in prison and fines of up to
100,000 Euros.
In May, Wang Ping-an, a 30-year-old computer engineer, was
arrested in
Taiwan for allegedly writing and distributing a Trojan horse that
enabled hackers to steal sensitive information from the island's
government computers.
"These arrests have sent a strong message to the virus community
that the authorities will not turn a blind eye to criminal computer
activity. However, the real deterrent will be tough sentencing. It
will be interesting to see what punishments are dished out by the
authorities against convicted virus writers and distributors,"
added Cluley.
Sophos has made available a free, constantly updated information feed for intranets and
websites which means users can always find out about the latest
viruses and hoaxes.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.